North Carolina tech worker found guilty of insider attack netting $2.5M ransom | CyberScoop<\/title> <meta name=\"description\" content=\"Cameron Nicholas Curry, also known as \u201cLoot,\u201d stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a close.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cameron-curry-insider-attack-washington-tech-company\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"North Carolina tech worker found guilty of insider attack netting $2.5M ransom\"> <meta property=\"og:description\" content=\"Cameron Nicholas Curry, also known as \u201cLoot,\u201d stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a close.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cameron-curry-insider-attack-washington-tech-company\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-20T01:46:55+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-20T01:46:58+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1440\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1772477397g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88322\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88322\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcameron-curry-insider-attack-washington-tech-company%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcameron-curry-insider-attack-washington-tech-company%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88322 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cameron-curry-insider-attack-washington-tech-company\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.351774530271\">\n<div class=\"single-article__header-content\" readability=\"36.240740740741\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/cameron-curry-insider-attack-washington-tech-company\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Cameron Nicholas Curry, also known as \u201cLoot,\u201d stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a close. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88322\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"480\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom.jpg?resize=640%2C480&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=768,576 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=1024,768 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=1536,1152 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=600,450 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=449,337 449w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=900,675 900w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-2.jpg?resize=1124,843 1124w\" sizes=\"(max-width: 900px) 100vw, 900px\"><figcaption> Department of Justice building. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"37.013896037056\"><body readability=\"75.352096159484\"><\/p>\n<p>A 27-year-old North Carolina man was found <a href=\"https:\/\/www.justice.gov\/usao-wdnc\/pr\/federal-jury-convicts-charlotte-man-cyber-extortion-scheme-targeted-international\">guilty of six counts of extortion<\/a> for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday.<\/p>\n<p>Cameron Nicholas Curry, also known as \u201cLoot,\u201d stole a trove of corporate data, including sensitive employee and compensation information, which he used to extort his employer, according to court records. Curry ultimately made off with approximately $2.5 million from the victim organization in January 2024.<\/p>\n<p>The insider attack underscores immeasurable risks companies accept when employees, or contractors placed in roles by a third-party recruitment company, as was the case with Curry, are allowed to access sensitive data on a company-owned laptop. Officials did not name the company.<\/p>\n<p>Curry used his access to the company\u2019s network to remove corporate data for extortion while he worked for the company between August and December 2023. Immediately following his last day of employment with the company, Curry started sending threatening emails to its employees and demanded a ransom to not leak and destroy the data.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Officials said he sent more than 60 emails to various employees and executives over a six-week period, threatening to disclose the company\u2019s payroll data, claiming it showed significant pay inequity across the workforce. In those emails, Curry framed the data theft extortion attack as an effort to implement salary transparency.<\/p>\n<p>\u201cLoot and our partners aim to ensure that everyone is being paid accordingly, providing employees with the leverage they deserve while also adhering to federal government regulations on protected acts,\u201d Curry wrote in one of the emails, according to the indictment.<\/p>\n<p>Curry included attachments with the emails containing screenshot images of spreadsheets listing the personally identifiable information of company employees. Officials said he also warned the company he would provide employees instructions on how to address pay discrimination through mediation, the Equal Employment Opportunity Commission or a class-action lawsuit.<\/p>\n<p>Some of the extortion emails got personal, including a claim that one person on the legal team wasn\u2019t getting a bonus while most employees in high-level positions did receive bonuses. Curry also threatened to report the breach to the Securities and Exchange Commission, citing rules that require public companies to disclose cyberattacks quickly. <\/p>\n<p>The publicly traded company notified the FBI of the breach on Dec. 14, 2023 and paid Curry\u2019s ransom demand almost a month later.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Multiple operational security mistakes helped authorities identify and build a case against Curry rather quickly. He used personal and verifiable data to establish a new Coinbase account, and two of the debit cards linked to the account Curry established to receive a ransom belonged to his mother and sister.<\/p>\n<p>Authorities searched Curry\u2019s apartment, digital devices and vehicle in Charlotte, North Carolina, just weeks after the ransom was paid. He was arrested and released on bond in late January 2024. <\/p>\n<p>Officials said Curry initiated his extortion scheme after he learned his contract with the company wouldn\u2019t be renewed. He faces up to 12 years in prison at sentencing.<\/p>\n<p>You can read the full indictment below.<\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7689873417722\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<link rel=\"modulepreload\" href=\"https:\/\/cyberscoop.com\/wp-includes\/js\/dist\/script-modules\/interactivity\/index.min.js?ver=55aebb6e0a16726baffb\" id=\"@wordpress\/interactivity-js-modulepreload\">   <\/body> <a href=\"https:\/\/cyberscoop.com\/cameron-curry-insider-attack-washington-tech-company\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Carolina tech worker found guilty of insider attack netting<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,440,895,323,2839,46,4491],"tags":[286,86,444,902,327,2840,54,4492],"class_list":["post-8450","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-data-breaches","category-data-theft","category-extortion","category-insider-threat","category-ransomware","category-stolen-data","tag-cybercrime","tag-cybersecurity","tag-data-breaches","tag-data-theft","tag-extortion","tag-insider-threat","tag-ransomware","tag-stolen-data"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-breaches\/\" rel=\"category tag\">data breaches<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-theft\/\" rel=\"category tag\">Data theft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/insider-threat\/\" rel=\"category tag\">insider threat<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/stolen-data\/\" rel=\"category tag\">Stolen data<\/a>","tag_info":"Stolen data","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8450"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8450\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8450,"date":"2026-03-19T20:46:55","date_gmt":"2026-03-20T01:46:55","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88322"},"modified":"2026-03-19T20:46:55","modified_gmt":"2026-03-20T01:46:55","slug":"north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/19\/north-carolina-tech-worker-found-guilty-of-insider-attack-netting-2-5m-ransom\/","title":{"rendered":"North Carolina tech worker found guilty of insider attack netting $2.5M ransom"},"content":{"rendered":"